For further insight, the reader may be interested in attempting the (in particular the Fallout level).

    The Vulnerability

    This contract collects ether and allows only the owner to withdraw it, by calling the function. The issue arises because the constructor is not named exactly the same as the contract: the first letter is different! Thus, any user can call the ownerWallet function, set themselves as the owner, and then take all the ether in the contract by calling .
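The pattern described above, as an added Solidity example that is not the page's own code (the contract and function names are assumed): the mis-named pseudo-constructor beside the same contract written with the `constructor` keyword.

```solidity
// SPDX-License-Identifier: MIT
pragma solidity ^0.8.0;

// Assumed reconstruction of the vulnerable pattern. The author intended
// ownerWallet() to be the constructor, but the contract is OwnerWallet with a
// capital O. Under the legacy name-matching rule a constructor had to match the
// contract name exactly, so this compiled as an ordinary public function that
// anyone can call at any time to take ownership. A modern compiler still
// accepts it without complaint, since it is just a function with a different name.
contract OwnerWalletVulnerable {
    address public owner;

    function ownerWallet() public {
        owner = msg.sender;          // no access control: re-callable by anyone
    }

    receive() external payable {}

    function withdraw() public {
        require(msg.sender == owner, "not owner");
        payable(msg.sender).transfer(address(this).balance);
    }
}

// Hardened form: the constructor keyword cannot be misspelled into a callable
// function, it runs exactly once at deployment, and the immutable owner can
// never be reassigned afterwards.
contract OwnerWallet {
    address public immutable owner;

    constructor() {
        owner = msg.sender;
    }

    receive() external payable {}

    function withdraw() public {
        require(msg.sender == owner, "not owner");
        payable(msg.sender).transfer(address(this).balance);
    }
}
```

A quick review check for the legacy pattern: any public function that assigns `owner` without a `require` on `msg.sender` deserves a second look, whatever it is named.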

    Preventative Techniques

    Real-World Example: Rubixi

    was another pyramid scheme that exhibited this kind of vulnerability. It was originally called , but the contract name was changed before deployment to Rubixi. The constructor’s name wasn’t changed, allowing any user to become the creator. Some interesting discussion related to this bug can be found on Bitcointalk. Ultimately, it allowed users to fight for creator status to claim the fees from the pyramid scheme. More detail on this particular bug can be found in .